There’s a critical vulnerability in ASP.NET which allows the attacker to gain access to the machine key and hence all the encrypted data in asp.net. Together with other exploits available in the target application, it can combine to give the attacker quite a fair bit of access to the target app.